Macro malware made its come back after 16 years and is once again on the security professional’s radar by affecting at least 100,000 people since it began its resurgence earlier this year. The malware, which uses the macros found in Windows Office products like Word and Excel, saw its heyday in 1999 when it was first observed and known as the Melissa virus. At that time, Microsoft included added permissions step for office documents users and this helped curtail the issue. However, it is again on the rise. Over the last 12 months, security experts have witnessed an increase in macro malware attachments and they believe that it is due to the multitudes of tools easily found in underground forums that have led to the increase. Common subject lines of macro malware attachments include phrases such as payment request, courier notification, resume, sales invoice, or donation confirmation. The text of the email matches the subject line with enough information to get the attachment opened, including official-looking signatures and logos. The other major change in macro malware is its ability to remain hidden on a computer. As per security experts, the malware creators now use techniques such as including junk code and complex encrypted strings. These serve no other purpose than to spoof security staffers.
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street